Active Directory Admin Denied Access - Why? The 2019 Stack Overflow Developer Survey Results Are InWindows Active Directory naming best practices?User in domain admin group cannot access directory the group has permission to accessAccess denied after adding Active Directory group to shared folderAccess a remote active directoryActive Directory DNS issue? Event ID 13 Access Denied,Unable to move OU in Active Directory (Access is denied)Active Directory logon issueActive directory overwriting existing computersnet computer returns “Access is denied” for admin userCan't open Active Directory Users and Computers, although AD is operational

Why do UK politicians seemingly ignore opinion polls on Brexit?

Does the shape of a die affect the probability of a number being rolled?

One word riddle: Vowel in the middle

Who coined the term "madman theory"?

Is this app Icon Browser Safe/Legit?

How to answer pointed "are you quitting" questioning when I don't want them to suspect

Why isn't airport relocation done gradually?

Have you ever entered Singapore using a different passport or name?

How to save as into a customized destination on macOS?

Can someone be penalized for an "unlawful" act if no penalty is specified?

Falsification in Math vs Science

Is a "Democratic" Oligarchy-Style System Possible?

Loose spokes after only a few rides

Identify boardgame from Big movie

Feature engineering suggestion required

A poker game description that does not feel gimmicky

What is the most effective way of iterating a std::vector and why?

Which Sci-Fi work first showed weapon of galactic-scale mass destruction?

Is an up-to-date browser secure on an out-of-date OS?

Button changing it's text & action. Good or terrible?

Resizing object distorts it (Illustrator CC 2018)

slides for 30min~1hr skype tenure track application interview

Can a flute soloist sit?

Are there incongruent pythagorean triangles with the same perimeter and same area?



Active Directory Admin Denied Access - Why?



The 2019 Stack Overflow Developer Survey Results Are InWindows Active Directory naming best practices?User in domain admin group cannot access directory the group has permission to accessAccess denied after adding Active Directory group to shared folderAccess a remote active directoryActive Directory DNS issue? Event ID 13 Access Denied,Unable to move OU in Active Directory (Access is denied)Active Directory logon issueActive directory overwriting existing computersnet computer returns “Access is denied” for admin userCan't open Active Directory Users and Computers, although AD is operational



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








1















Logged in as the domain admin of an Active Directory environment, I'm attempting to run this command to reboot a workstation:



@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME


I'm getting this error:



COMPUTER-NAME: Access is denied


Why would the domain admin be denied access to execute this command?






active-directory windows-server-2008-r2







share|improve this question

















  • 1





    IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!

    – Am_I_Helpful
    Apr 7 at 7:39







  • 1





    Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?

    – Harry Johnston
    Apr 7 at 22:07






  • 1





    Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".

    – Harry Johnston
    Apr 7 at 22:09






  • 1





    The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.

    – Harry Johnston
    Apr 7 at 23:54






  • 1





    ... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.

    – Harry Johnston
    Apr 7 at 23:56


















1















Logged in as the domain admin of an Active Directory environment, I'm attempting to run this command to reboot a workstation:



@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME


I'm getting this error:



COMPUTER-NAME: Access is denied


Why would the domain admin be denied access to execute this command?






active-directory windows-server-2008-r2







share|improve this question

















  • 1





    IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!

    – Am_I_Helpful
    Apr 7 at 7:39







  • 1





    Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?

    – Harry Johnston
    Apr 7 at 22:07






  • 1





    Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".

    – Harry Johnston
    Apr 7 at 22:09






  • 1





    The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.

    – Harry Johnston
    Apr 7 at 23:54






  • 1





    ... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.

    – Harry Johnston
    Apr 7 at 23:56














1












1








1


1






Logged in as the domain admin of an Active Directory environment, I'm attempting to run this command to reboot a workstation:



@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME


I'm getting this error:



COMPUTER-NAME: Access is denied


Why would the domain admin be denied access to execute this command?






active-directory windows-server-2008-r2







share|improve this question














Logged in as the domain admin of an Active Directory environment, I'm attempting to run this command to reboot a workstation:



@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME


I'm getting this error:



COMPUTER-NAME: Access is denied


Why would the domain admin be denied access to execute this command?






active-directory windows-server-2008-r2




active-directory windows-server-2008-r2






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Apr 7 at 7:34









LonnieBestLonnieBest

58131030




58131030







  • 1





    IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!

    – Am_I_Helpful
    Apr 7 at 7:39







  • 1





    Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?

    – Harry Johnston
    Apr 7 at 22:07






  • 1





    Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".

    – Harry Johnston
    Apr 7 at 22:09






  • 1





    The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.

    – Harry Johnston
    Apr 7 at 23:54






  • 1





    ... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.

    – Harry Johnston
    Apr 7 at 23:56













  • 1





    IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!

    – Am_I_Helpful
    Apr 7 at 7:39







  • 1





    Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?

    – Harry Johnston
    Apr 7 at 22:07






  • 1





    Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".

    – Harry Johnston
    Apr 7 at 22:09






  • 1





    The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.

    – Harry Johnston
    Apr 7 at 23:54






  • 1





    ... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.

    – Harry Johnston
    Apr 7 at 23:56








1




1





IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!

– Am_I_Helpful
Apr 7 at 7:39






IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!

– Am_I_Helpful
Apr 7 at 7:39





1




1





Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?

– Harry Johnston
Apr 7 at 22:07





Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?

– Harry Johnston
Apr 7 at 22:07




1




1





Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".

– Harry Johnston
Apr 7 at 22:09





Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".

– Harry Johnston
Apr 7 at 22:09




1




1





The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.

– Harry Johnston
Apr 7 at 23:54





The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.

– Harry Johnston
Apr 7 at 23:54




1




1





... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.

– Harry Johnston
Apr 7 at 23:56






... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.

– Harry Johnston
Apr 7 at 23:56











1 Answer
1






active

oldest

votes


















0














The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.



Harry Johnston suggested this command:



dir \COMPUTER-NAMEc$


That produce this error:



The target account name is incorrect.


He also suggested pining "computer-name", which showed the wrong IP address!



So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.



Anyway, after removing that old dns record, the remote reboot succeeded.






share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961872%2factive-directory-admin-denied-access-why%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.



    Harry Johnston suggested this command:



    dir \COMPUTER-NAMEc$


    That produce this error:



    The target account name is incorrect.


    He also suggested pining "computer-name", which showed the wrong IP address!



    So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.



    Anyway, after removing that old dns record, the remote reboot succeeded.






    share|improve this answer



























      0














      The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.



      Harry Johnston suggested this command:



      dir \COMPUTER-NAMEc$


      That produce this error:



      The target account name is incorrect.


      He also suggested pining "computer-name", which showed the wrong IP address!



      So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.



      Anyway, after removing that old dns record, the remote reboot succeeded.






      share|improve this answer

























        0












        0








        0







        The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.



        Harry Johnston suggested this command:



        dir \COMPUTER-NAMEc$


        That produce this error:



        The target account name is incorrect.


        He also suggested pining "computer-name", which showed the wrong IP address!



        So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.



        Anyway, after removing that old dns record, the remote reboot succeeded.






        share|improve this answer













        The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.



        Harry Johnston suggested this command:



        dir \COMPUTER-NAMEc$


        That produce this error:



        The target account name is incorrect.


        He also suggested pining "computer-name", which showed the wrong IP address!



        So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.



        Anyway, after removing that old dns record, the remote reboot succeeded.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 13 hours ago









        LonnieBestLonnieBest

        58131030




        58131030



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961872%2factive-directory-admin-denied-access-why%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to make RAID controller rescan devices The 2019 Stack Overflow Developer Survey Results Are InLSI MegaRAID SAS 9261-8i: Disk isn't recognized after replacementHow to monitor the hard disk status behind Dell PERC H710 Raid Controller with CentOS 6?LSI MegaRAID - Recreate missing RAID 1 arrayext. 2-bay USB-Drive with RAID: btrfs RAID vs built-in RAIDInvalid SAS topologyDoes enabling JBOD mode on LSI based controllers affect existing logical disks/arrays?Why is there a shift between the WWN reported from the controller and the Linux system?Optimal RAID 6+0 Setup for 40+ 4TB DisksAccidental SAS cable removal

            Image
            Is "plugging out" electronic devices an American expression? Does a dangling wire really electrocute me if I'm standing in water? Adding labels to a table: columns and rows Spanish for "widget" Landlord wants to switch my lease to a "Land contract" to "get back at the city" Lethal sonic weapons On the insanity of kings as an argument against monarchy Is there a general name for the setup in which payoffs are not known exactly but players try to influence each other's perception of the payoffs? How long do I have to send my income tax payment to the IRS? Geography at the pixel level Can a zener diode with a higher power dissipation be used in place of the original one in an audio amplifier? How can I make payments on the Internet without leaving a money trail? What can other administrators access on my machine? Understanding the implication of what "well-defined" means for the operation in quotient group
            Read more

            Куамањотепек (Чилапа де Алварез) Садржај Становништво Види још Референце Спољашње везе Мени за навигацију17°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.0308317°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.030838877656„Instituto Nacional de Estadística y Geografía”„The GeoNames geographical database”Мексичка насељапроширитиуу

            Image
            Насеља у општини Чилапа де Алварез (Гереро) шп.МексикуГерероопштиниЧилапа де Алварезнадморској висини2010 (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003Eсакријu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="sr" dir="ltr"u003Eu003Cdiv class="noticebanner"u003Eu003Cdiv class="plainlinks" style="background-image: -moz-linear-gradient(top, #fefefe, #fefefe, #f0f0f0); background-image: -o-linear-gradient(top, #fefefe, #fefefe, #f0f0f0); background-image: -webkit-linear-gradient(top, #fefefe, #fefefe, #f0f0f0); background-image: linear-gradient(to bottom, #fefefe, #fefefe, #f0f0f0);; -moz-border-radius: 10px; -webkit-border-rad
            Read more

            Can the Right Ascension and Argument of Perigee of a spacecraft's orbit keep varying by themselves with time? The 2019 Stack Overflow Developer Survey Results Are InHow is the altitude of a satellite defined, given that the Earth is not spherical?Why do satellites appear to move faster when overhead and slower closer to the horizon?For the mathematical relationship between J2 (km^5/s^2) and dimensionless J2 - which one is derived from the other?Why is Nodal precession affected by the rotational period of the planet?Why is it so difficult to predict the exact reentry location and time of a very low earth orbit object?Why are low earth orbit satellites not visible from the same place all the time?Perifocal coordinates and the orbit equationHow feasible is the Moonspike mission?What was the typical perigee after a shuttle de-orbit burn?I am having trouble calculating my classic orbital elements and am at a loss on where to lookAm I supposed to modify the gravitational constant with scale and why do fps & time scale changes cause my orbit to break?How Local time of a sun synchronous orbit is related to Right ascension of ascending node?What is wrong with my orbit sim equations? How can I fix them?How to obtain the initial positions and velocities of an inclined orbit?

            Image
            Why is this recursive code so slow? Button changing its text & action. Good or terrible? What do I do when my TA workload is more than expected? What is the most efficient way to store a numeric range? Why are there uneven bright areas in this photo of black hole? Why can't wing-mounted spoilers be used to steepen approaches? What aspect of planet earth must be changed to prevent the industrial revolution? Deal with toxic manager when you can't quit Single author papers against my advisor's will? Did any laptop computers have a built-in 5 1/4 inch floppy drive? How can I add encounters in the Lost Mine of Phandelver campaign without giving PCs too much XP? How many cones with angle theta can I pack into the unit sphere? Why did Peik say, "I'm not an animal"? How do I free up internal storage if I don't have any apps downloaded? How to read αἱμύλιος or when to aspirate Question on an engine pulling a train Why can't d
            Read more